Unwanted Pop-ups Caused by Injectbody/Injectscr Plugins

On February 8th, 2018, we noticed a new wave of WordPress infections involving two malicious plugins: injectbody and injectscr. These plugins inject obfuscated scripts, creating unwanted pop-up/pop-unders. Whenever a visitor clicks anywhere on an infected web page, they are served questionable ads.

Plugin Location

The malicious plugins possess a very similar file structure:

Injectbody

wp-content/plugins/injectbody/

  • injectbody.php: 2146 bytes (the plugin code)
  • inject.txt: 2006 bytes (injected JavaScript)

Injectscr

wp-content/plugins/injectscr/

  • injectscr.php: 1319 bytes (the plugin code)
  • inject.txt: 3906 bytes (injected JavaScript)

The functionality of these plugins is also very similar.
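An added example, not part of the original post: a Python check that looks for the two plugin directories under a WordPress root and compares file sizes with the values listed above. The function names and the zero-filled sample tree are assumptions made for illustration; a size mismatch is still reported, since a variant may differ from the files described here.

```python
from pathlib import Path
import sys

# Indicators from the article: plugin directory -> {file name: size in bytes}.
KNOWN_PLUGINS = {
    "injectbody": {"injectbody.php": 2146, "inject.txt": 2006},
    "injectscr": {"injectscr.php": 1319, "inject.txt": 3906},
}


def scan_wordpress_root(wp_root):
    """Return findings as (plugin, relative path, size or None, size_matches).

    The directory alone is reported (size None) when none of the listed
    files is present, because a variant may use different file names.
    """
    root = Path(wp_root)
    findings = []
    for plugin, files in KNOWN_PLUGINS.items():
        plugin_dir = root / "wp-content" / "plugins" / plugin
        if not plugin_dir.is_dir():
            continue
        hits = []
        for name, expected in files.items():
            path = plugin_dir / name
            if path.is_file():
                size = path.stat().st_size
                rel = path.relative_to(root).as_posix()
                hits.append((plugin, rel, size, size == expected))
        if not hits:
            hits.append((plugin, plugin_dir.relative_to(root).as_posix(), None, False))
        findings.extend(hits)
    return findings


def make_sample_tree(root, sizes=KNOWN_PLUGINS):
    """Constructed test input: placeholder files filled with zero bytes."""
    for plugin, files in sizes.items():
        plugin_dir = Path(root) / "wp-content" / "plugins" / plugin
        plugin_dir.mkdir(parents=True, exist_ok=True)
        for name, size in files.items():
            (plugin_dir / name).write_bytes(b"\0" * size)


if __name__ == "__main__":
    for wp_root in sys.argv[1:]:
        for plugin, rel, size, match in scan_wordpress_root(wp_root):
            note = "size matches article" if match else "size differs or file missing"
            print(f"{wp_root}: {plugin}: {rel} ({size} bytes, {note})")
```

Run it with one or more WordPress document roots as arguments; any output line means the directory should be inspected by hand.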

Via Sucuri.net
